Password & Permissions Best Practices for Users

As the Admin/Staff of your Church's Account, It is critical to the security of your platform that your password remains protected. Here are some best practices to ensure that your password is securely safeguarded.  

Password Requirements

Our password requirements greatly enhance the security of your account. This ensures that not only is your data secure but all of your churches, and members' data as well. Security is very important and we're committed to protecting your church's information.

When a new user enters a new password or is resetting their password they'll be given immediate feedback if the password is weak, good, or great.

Allowable Password Ratings:
"Good" and "Great" rated Passwords

Disallowed Password Ratings:
"Weak" rated Passwords

Unlike some other sites that require a complex set of capital letters, special characters, and numbers, our password feedback uses a smart algorithm that checks the password for the "number of days it would take for someone to hack it." This algorithm gives us a score that we can use to quickly determine how strong the password truly is.

 

Tip: Though not required, encourage your users to select longer passwords with combinations of letters, numbers, and/or symbols (!@?$). 

 

We hope this gives you additional peace of mind that we've got your back, and are protecting the security of your church's information!

Things to Know

  • Since Username/Password security is used for almost every website, most browsers have included functionality to Save Login information in order to make it easier/more convenient to move from site to site. 
  • If you use other platforms for Device Syncing (such as G-Suite), then it is possible for your password to be shared with any device that is also logged in to that Platform as you. (If someone Logs into their Breeze account while that computer is also logged into your G-Suite, then their information could be compromised by being available on all of your synced devices.)
  • Role Permissions can be specific to one person or assigned to a group of people. This simply depends on the overall function of the Person or Group. Oftentimes, there are a few people who serve functions that are similar enough to include in One Role. (Ex: Youth Pastor, Children's Pastor, Worship Pastor, etc. could all be assigned the same role. i.e. Ministry Leader Role.) 

Best Practice Suggestions

  • Autofill functionality should be reserved for your personal machine only. This should be a computer that no one else would use except you!
  • Never log into your Admin User on someone else's computer unless you are certain your Passwords are NOT being saved by the Browser or some external software program. Think of your Password as a Key! Logging into your Admin account on other computers could be potentially "giving your key" to the owners of those machines.
  • Make sure your Role Permissions with Contribution access include the "Logout Automatically" Permission. Timed logouts are a great way to add additional security layers to your account. Breeze Security/SSL
  • Implement the Principle of Least Privilege - This principle states, "Only the minimum necessary rights should be assigned to a subject that requests access to a resource and should be in effect for the shortest duration necessary (remember to relinquish privileges). Granting permissions to a user beyond the scope of the necessary rights of an action can allow that user to obtain or change information in unwanted ways. Therefore, careful delegation of access rights can limit attackers from damaging a system." (per the U.S. Dept. of Homeland Security - https://www.us-cert.gov/bsi/articles/knowledge/principles/least-privilege)
    • The permissions logic in Breeze is meant to give Functionality to a Person or Group based on the specific functionality they have within your ministry. Think of this like a Pyramid - the pinnacle is the Admin(s) [the Smallest group with the MOST permissions.] -- and the Base would be the Members [the Largest group with the LEAST permissions.] Role Permissions would drop off layer by layer as the Role Permission Group gets larger and larger.
  • If you ever feel like your login has been compromised, the best thing you can do is change your password! If you are the Admin, we suggest doing this manually in Users & Roles.